I have an apache server running on my local machine. I can connect to http://localhost from a different device in the same network, but I want to add a layer of authentication. So that when the user tries to access the localhost, it has to enter the correct username/pwd to proceed. Is there anyway to do this without having it the authentication code in the javascript or html file returned by the apache server? I'm new to this so I'm a little confused.
You can configure apache to require authentication. Have a look at http://httpd.apache.org/docs/2.4/howto/auth.html
Related
We have 3 servers: a gateway machine, and 2 other hosts (old and new).
Originally, the gateway machine was serving a django app hosted on OLD via proxypass. We are shutting down OLD and have moved the app over to NEW.
On NEW, the app works fine when accessing the host directly (http://IP.FOR.NEW/site)
However, when trying to access via the gateway (so that users don't have to update links/learn an IP/etc), accessing via http://gateway/site gives an LDAP error.
HOWEVER, it's not LDAP that's the issue. The OLD server used LDAP, while the NEW server is simply using the django user system. As a result, all LDAP references were removed, and it works when accessing it directly.
It looks like when accessing via gateway, it is serving the old code but trying to point it at the NEW server. If I stop apache on the NEW server, access via the gateway fails with 'service unavailable'.
As far as I can tell, caching is not enabled on either server.
edit: I tried changing the user facing url (gateway/foo to gateway/bar) which is redirected via proxypass to NEW/site. No change. Still appears to be serving old code on the NEW server.
Any suggestions on where to start looking would be appreciated.
I have a deployed SSL website displaying maps.
I have a local application (flight simulator) which spits out location data.
I'd like to have the browser's map update itself based on location data. Not just for me, but anyone running this local application should be able to see their location on their browser.
websockets won't work because the webapp is SSL & one cannot connect localhost or 127.0.0.1 with SSL websocket and insecure websockets are blocked. (Using DNS tricks and deploying certificates won't work because it should support "anyone".)
Using javascript File API with a UNIX domain socket won't work because, while I believe javascript can read domain sockets, there's no way for a User Browser to 'select' a domain socket as a File object.
The only pathway I see is by having the local application pass data directly to my webserver & have the webserver forward it to the appropriate browser. (Say, when local application is started, user provides their webapp login & the webserver will be able to pair incoming location data with user's web session.)
Is there another way? (a different path, or different configuration to permit websocket?) Seems too bad that localhost doesn't get a free pass with respect to security.
I'm trying to upgrade a websocket connection ws:// to wss:// using a nginx reverse proxy https://github.com/nicokaiser/nginx-websocket-proxy/blob/master/simple-wss.conf
but I seem to be having trouble with the certificate part. My server is located on the same network as the client. So Ideally I would want my users to log in to "https://example.com" and then the client makes a connection to "wss://192.168.1.xxx:xxxx".
As of now the browsers are blocking it because of NET::ERR_CERT_COMMON_NAME_INVALID. I don't really know to produce a self signed certificate that the browsers will trust on the local network. Googling only gives me answers on how to do it if my server would be accessed using a domain name but I will always connect to a local network IP. Help is appreciated!
To anyone coming across this I managed to solve it using this post outlining the architecture https://support.plex.tv/articles/206225077-how-to-use-secure-server-connections/
What ended up happening was that we set up a url pointing to a server running nginx which parsed the subdomain and redirected the connection to that url. For example: wss://192-168-1-142.mydomain.com redirects to ws://192.168.1.142 which makes the browser trust the connection
Does this work?
Your post is a year old now and browsers have become stricter since then. Usually, a browser will produce 'mixed content' errors if you access HTTP content from a HTTPS page, and the only way to get round this is to change the site settings to allow insecure content, which is scary for users in the face of a big warning message.
If accessing an HTTPS web address redirects to an HTTP local IP address, won't the browser still complain about mixed content?
I have a similar situation to you. I am writing a Progressive Web Application (PWA) to control network music players on a home network. The players only support HTTP but a PWA requires HTTPS for services workers to work and to allow the app to be 'installed'.
My solution is to run a local server on the home network which can talk to the players over HTTP. Then I can access this server over HTTPS from my browser so that the browser itself is not making any HTTP calls.
This works fine if the server is on localhost because localhost is a special case where security rules are relaxed. But if the server is on another machine, how can I create an SSL certificate since (1) it seems that local IP addresses are not allowed in the Subject Alternative Name (SAN) section of the certificate, and (2) I won't know in advance what the IP address of the server will be.
If your workaround works, then the local server can use HTTP instead so I won't need a certificate. The local server can register itself with a web server, and then the browser can connect over HTTPS to the web server, which would redirect to the IP address of the local server over HTTP.
But does this trick work?
I've got a virtual machine running on ESXI which I use for local development, I access this machine in my browser via a local domain, http://dev for example. This all works well and no issue for years until I've just started using Facebook Login which requires OAuth redirect URLs to be 'real'.
I can no longer use my http://dev as it won't allow it, I noticed it will however allow http://localhost.
I should note I'm not always using apache/nginx etc so I don't want to be creating virtual hosts
How do I go about being able to register a virtual machine for a OAuth redirect when it's not accessible on localhost?
Despite being sure I've tried this before, I did just try the local IP address of the server (192.168.0.111) and looks like that worked for the redirect/callback on the Facebook Developers Console.
So, while not ideal, you can use the local IP rather than the hostname.
I have my CAS setup locally. I have a grails application that is running locally as well. My CAS authentication is working. My CAS is running at this location
http://localhost:8081/cas/login?service=http%3A%2F%2Flocalhost%3A8081%2Fj_spring_cas_security_check
My grails application is running at http://localhost:8080/CASTest/test/
So when I go to my grails application i get redirected to CAS for login, however after login I getting I keep getting evaluationException on hostUrl in my CAS. I think the error is because of localhost in the service field in CAS, if i change this to test1.localhost it works, it redirects me to test1.localhost after authentication. Any ideas how i can redirect it back to my application that is running locally?
Try configuring the hosts file of your operating system to accept the chosen domain for your application as an alias to localhost, and then use that in your CAS configuration in development environment.
Check out the Wikipedia entry for the hosts file for the appropriate location in your system (if you are using Linux that would be /etc/hosts), and then add a line like:
127.0.0.1 test1.localhost
After that, you can use it in your CAS configuration for the development environment -- the serviceUrl configuration should point to something like http://test1.localhost/CASTest/j_spring_cas_security_check.
Hope it helps!